cvebase

Niteo Cmp Coming Soon Maintenance Plugin By Niteothemes vulnerabilities

4 known vulnerabilities affecting niteo/cmp_coming_soon_maintenance_plugin_by_niteothemes.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2026-6518 | P2 | HIGH | CVSS 8.8 | ≤ 4.1.16 | 2026-04-18
CVE-2026-6518 [HIGH] CWE-434: The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is due to the function only checking for the `publish_pages` capability (available to Editors and above) instead
nvd
CVE-2020-36730 | P3 | CRITICAL | CVSS 9.3 | ≤ 3.8.1 | 2023-06-07
CVE-2020-36730 [CRITICAL] CWE-862: The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugi
nvd
CVE-2023-1263 | P3 | MEDIUM | CVSS 5.3 | PoC | ≤ 4.1.6 | 2023-03-07
CVE-2023-1263 [MEDIUM] CWE-200: The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.
nvd
CVE-2023-2159 | P4 | MEDIUM | CVSS 5.3 | ≤ 4.1.7 | 2023-06-09
CVE-2023-2159 [MEDIUM] CWE-284: The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.
nvd